This is a tracking bug for a dependency of the juju MIR (bug #912861).
Juju is a revolutionary technology and is something that enterprises will use to deploy services and machines that are reachable over the network so highlevel documentation would aid in more peer review and help adoption in the enterprise. This does not have to be a massive book or anything-- for the design document, just some high level stuff with a few diagrams for the different providers so that people understand the architecture, network topologies, use of the bootstrapping node, how zookeeper is used, how charms are deployed, how services are deployed/exposed, etc. The security design document would complement this and mention how ssh access works, environments.yaml, initial security groups, zookeeper ACLs, what juju does to limit access to the bootstrapping node, keeping systems up to date, how charms on the bootstrapping node can't be subverted, the security issues we've discussed. The two could be in one document and could be in a man page or in juju.ubuntu.com/docs (ie part of the official documentation).

This is a tracking bug for a dependency of the juju MIR (bug #912861).
Juju is a revolutionary technology and is something that enterprises will use to deploy services and machines that are reachable over the network so highlevel documentation would aid in more peer review and help adoption in the enterprise. This does not have to be a massive book or anything-- for the design document, just some high level stuff with a few diagrams for the different providers so that people understand the architecture, network topologies, use of the bootstrapping node, how zookeeper is used, how charms are deployed, how services are deployed/exposed, etc. The security design document would complement this and mention how ssh access works, environments.yaml, initial security groups, zookeeper ACLs, what juju does to limit access to the bootstrapping node, keeping systems up to date, how charms are run as root (and therefore must be guarded against tampering), how charms once on the bootstrapping node can't be subverted, the security issues we've discussed. The two could be in one document and could be in a man page or in juju.ubuntu.com/docs (ie part of the official documentation).